MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. ClamAV and ML classifiers have identified this file as malicious, specifically a phishing trojan. The document body, though partially corrupted, suggests a lure related to 'caracteristicas de los cestodos pdf', likely to trick users into clicking the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/award?keyword=caracteristicas+de+los+cestodos+pdf
- http://xarusogu.22web.org/fusionner_plusieurs_avec_adobe_reader.pdf
- http://vesixadaw.22web.org/how_to_use_calligraphy_brush_markers.pdf
- https://cdn-cms.f-static.net/uploads/4487897/normal_603bf931d228d.pdf
- https://cdn-cms.f-static.net/uploads/4471969/normal_5fd796de3b0a5.pdf
- https://cdn-cms.f-static.net/uploads/4388839/normal_6027b43739df2.pdf
- http://loleveze.iblogger.org/ryobi_10_miter_saw_manual.pdf
- http://laregazobo.22web.org/tenor_banjo_chord_chart.pdf
- http://rejasepilibuxep.iblogger.org/jajuvodobedogimuxu.pdf
- https://cdn-cms.f-static.net/uploads/4490754/normal_601471abb9bf2.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://tawegimasozaj.epizy.com/how_to_pair_blueant_supertooth.pdf
- https://s3.amazonaws.com/jedaxopopuko/kezimuvinozameme.pdf
- http://momosetid.rf.gd/furosemide_stress_test.pdf
- https://8c17aa34-c454-4d6c-a218-8929c845e329.filesusr.com/ugd/808cd0_6f275716e0514759ae8fdb83dfdebd1c.pdf?index=true
- http://gatovon.rf.gd/nursing_portfolio_cover_page_template.pdf
- https://s3.amazonaws.com/taturi/graco_pack_n_play_sheet_dimensions.pdf
- https://9169454a-6e45-4b39-89c4-5cd9bf0a6084.filesusr.com/ugd/32fbc8_782be84e901f47828fac1bc770ac8152.pdf?index=true
- https://s3.amazonaws.com/dutuzanob/99512109537.pdf
- http://labotiz.rf.gd/difop.pdf
- http://dagewokoxigu.rf.gd/mr_coffee_cold_brew_coffee_maker_instructions.pdf
- http://fefomuk.epizy.com/answers_pet_food_bulk.pdf
- http://viwumizebawekez.epizy.com/42817598580.pdf
- http://regovud.epizy.com/redemption_song_bob_marley_guitar_chords_and_lyrics.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f208.bina954185803e9e426d86648451746038777a51e2dc49522758182921e0bcd86d3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF208 | 5052 bytes |
font_01_sfnt_off0001033d.bin4e83233fefee4a89dca68c09e65a463b0d709a624ae20b604f67e7705e75795c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1033D | 11856 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.